Cyber Security Domains

Shiva Kumar M V
5 min readApr 24, 2020

Most of the cyber security learners, students and professionals are confused with the skills they have and the requirements what information security challenges throws on them.

This article will help the aspirants to look at the specific domain oriented skills and advance their career in Cyber Security.

As per my knowledge these are the list of domains, you can pursue your career in cyber world.

The little description of each domain listed below will help you to understand in nutshell.

Governance, Risk & Compliance : Is focus more on Organisation’s Security Policies, Procedures, Standards, Acts and compliance to be followed. Some of the compliance like ISO 27001, NIST and GDPR, HIPPA, PCI DSS, etc.

The Job roles offered by industry : Information Security Auditor, IS Consultant, Compliance Consultant etc.

Incidence Response : While any cyber attack take place, the first team respond in any organisation is, “Incidence Response Team”. These are the experts who will take the control of the situation and assess it initially. They will try to normalize the situation with various security measures.

Job Roles offered are : Security Engineer — IR, Incident Responder, Sr.Security Incident Responder etc.

Firmware Security : Firmware is a software program permanently etched into a hardware device such as a keyboards, hard drive, BIOS, or video cards, Air Conditioners, Washing Machines etc. It is programmed to give permanent instructions to communicate with other devices and perform functions like basic input/output tasks.

Security Testing on firmware will help the organisations and customers, to protect them from cyber attacks and can use them safely.

Application Security : This is the most important domain, that majority of the cyber attackers are concentrating to break the controls and gain access of an Applications. The Application Security domain further viewed as “Web Application Security” and “Source Code Review”. Majority of the Software development organisations are recruiting Application Security professionals to evaluate their products through vulnerability assessments and penetration testing and trying to focus on minimizing the application flaws.

The Job Roles are offered are : Application Security Specialist, Security Engineer, Security Consultant, Application Security Manager, Sr.Security Engineer. Security Analyst, Source code reviewer etc.

Operating System Security: There are many attacks performed on Operating Systems like Windows, Mac, Linux, Android and Virtual OS. “Zero day attacks” are very high in OS security.

Job roles offered are : Security Administrator, Security Analyst, OS Security Expert etc.

Database Security : This refers to collect and storing the data in databases. In this domain you can learn and pursue career as how to secure databases and Applications that access the databases etc.

Cloud Security : This talks more about storing the data in cloud and accessing it. Cloud Security refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.

Network Security : Network security is any activity designed to protect the usability and integrity of your network and data. It includes both hardware and software technologies. Effective network security manages access to the network. It targets a variety of threats and stops them from entering or spreading on your network. In Network Security you can learn more on Firewalls, UTM’s, DLP, IDS, IPS, Anti-Virus, Endpoint Protections, Load Balancers, Proxy Servers etc.

The job roles like Network Defender, Network Security Administrator, Sr. Netowork Admin roles are offered by many organisations.

Security Operation Center : A Security Operation Center (SOC) is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cyber security incidents.

A SOC acts like the hub or central command post, taking in telemetry from across an organization’s IT infrastructure, including its networks, devices, appliances, and information stores, wherever those assets reside. The proliferation of advanced threats places a premium on collecting context from diverse sources. Essentially, the SOC is the correlation point for every event logged within the organization that is being monitored. For each of these events, the SOC must decide how they will be managed and acted upon.

SIEM is a sub-set of SOC.

Job roles offered in SOC : Jr.Security Engineer — SOC, SOC Consultant, SIEM Consultant, Manager — SOC. etc.

ERP Security : is a wide range of measures aimed at protecting Enterprise resource planning (ERP) systems from illicit access ensuring accessibility and integrity of system data. ERP system is a computer software that serves to unify the information intended to manage the organization including Production, Supply Chain Management, Financial Management, Human Resource Management, Customer Relationship Management, Enterprise Performance Management.
You can build your career with common ERP systems like SAP, Oracle E-Business Suite, Microsoft Dynamics.

Malware Analysis : Malware or malicious software is any computer software intended to harm the host operating system or to steal sensitive data from users, organizations or companies. Malware may include software that gathers user information without permission. It is the study or process of determining the functionality, origin and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or backdoor.

You can build your career as Malware Signature developer, Reverse Engineering Developer etc. Most of the Antivirus Companies will engage these professionals to strengthen their Antivirus products.

IoT Security : IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT). IoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people.

Cryptography : Cryptography involves creating written or generated codes that allow information to be kept secret. … Information security uses cryptography on several levels. The information cannot be read without a key to decrypt it. The information maintains its integrity during processed, transit and while being stored.
Job roles offered in this domain are : Crypt Analyst, Cryptography Developer, Jr. Crypt Analyst, Cryptography Consultant etc.

Mobile security : is the protection of smartphones, tablets, laptops and other portable computing devices, and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Mobile security is also known as wireless security.

Job roles offered : Mobile Security Analyst, Security Consultant etc.

Docker Container Security : Securing a Docker container is no different than the security of other containers. It requires an all-inclusive approach, securing everywhere from the host to the network and everything in between. Because of their moving parts, ensuring the security of containers is difficult for many organisations, and it requires more than rudimentary level of vigilance.

Now there is huge demand for Docker Security Professionals.

Digital Forensic : The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence for a trial. Many of the techniques detectives use in crime scene investigations have digital counterparts, but there are also some unique aspects to computer investigations.

Job roles offered by Govt and Private organisations are : Computer forensics engineers, examiners, analysts, or investigators, computer forensics experts and investigate consultants.

Hope this information will helpful to you before you step in your career in Cyber Security.

Welcome to Cyber Security World and All the best for your curious cyber career journey.

Shiva Kumar M V

References : few details from Wikipedia, Internet.

--

--

Shiva Kumar M V

Information Security Consultant, Vulnerability Researcher and Pen tester.